DETAILED ACTION

1. Claims 1-12,14-15,17-18 are pending for examination. 

2. Claims 1-12,14-15,17-18 are rejected. 



Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

3. Claims 1-3,5-9,11-12,14,17 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Lamming et al, U.S. Patent 6,144,997. 

4. As per claim 1; "A method for managing access to a service [Abstract, figure 1 and 
associated description, col. 1,line 16-col. 2,line 57] comprising the steps of (A) delegating, to a 
delegatee by a delegator, over at least one ad hoc network in a personal area network, one or 
more permissions, wherein the one or more permissions comprise authority to access the service 
and to delegate one or more further permissions to one or more subsequent delegatees and 
wherein the one or more permissions are represented using a digital signature [col. 2,lines 6-57, 
col. 3,lines 36-58, col. 4,lines 43-66, col. 5,lines 45-col. 6,line 11, col. 6,lines 41-51, col. 7,lines 
51-62, col. 8,lines 23-col. 9,line 29 (inclusive of "Mike and Richard" scenarios), col. 9,lines 66- 
col. 10,line 26, col. 10,lines 49-65, col. 11, lines 6-24, figures 1,4,5 and associated descriptions]; 
(B) receiving from at least one of said permitted delegatees data representing credential 
information relating to said one or more permissions via a credential transmission mechanism 
over a second computer network that is different from the at least one personal area network [col. 
7,lines 51-62, col. 8,lines 23-60 ("Mike and Richard" scenarios), col. 10,lines 43-col. 12,line 57, 
figures 1,4,5 and associated descriptions]; and (C) providing access to the service to at least one 
of said permitted delegatees over said second computer network [figures 1,4,5 and associated 
descriptions]."; 

Further, as per claim 7; "A system [This claim is the system claim for the method claim 1 
above, and is rejected for the same reasons provided for the claim 1 rejection] for managing 
access to a service comprising: a delegation device that delegates to a delegatee from a delegator, 
over at least one ad hoc network in a personal area network, one or more permissions, wherein 
the one or more permissions comprise authority to delegate one or more further permissions to 
one or more subsequent delegatees and wherein the one or more permissions are represented 
using a digital signature; one or more first servers that receive from at least one of said permitted 
delegatees data representing credential information relating to said one or more permissions via a 
credential transmission mechanism over a second computer network that is different from the 
personal area network; and that provide access to the service to at least one of said permitted 
delegatees over said second computer network ". 

5. Claim 2 additionally recites the limitation that; "The method of claim 1 wherein said 
credential transmission mechanism comprises including said data in a header of an http request 
for a web page.". The teachings of Lamming et al suggest such limitations (col. 4,lines 43-col. 
5,line 17, col. 8,lines 23-col. 9,line 29 (inclusive of "Mike and Richard" scenarios)); 

Further, as per claim 8 additionally reciting the limitation that; "The system [This claim 
is the system claim for the method claim 2 above, and is rejected for the same reasons provided 
for the claim 2 rejection] of claim 7 wherein said credential transmission mechanism comprises 
including said data in a header of an http request for a web page.". 

6. Claim 3 additionally recites the limitation that; "The method of claim 1 wherein said 
credential transmission mechanism comprises including said data in a URL.". The teachings of 
Lamming et al suggest such limitations (col. 4,lines 43-col. 5,line 17, col. 8,lines 23-col. 9,line 
29 (inclusive of "Mike and Richard" scenarios)); 

Further, as per claim 9 additionally reciting the limitation that; "The system [This claim 
is the system claim for the method claim 3 above, and is rejected for the same reasons provided 
for the claim 3 rejection] of claim 7 wherein said credential transmission mechanism comprises 
including said data in a URL.". 

7. Claim 5 additionally recites the limitation that; "The method of claim 1 wherein said 
personal area network comprises two or more devices that transmit data by infrared light 
waves.". The teachings of Lamming et al suggest such limitations (Abstract, figure 1 and 
associated description); 

Further, as per claim 11 additionally reciting the limitation that; "The system [This claim 
is the system claim for the method claim 5 above, and is rejected for the same reasons provided 
for the claim 5 rejection] of claim 7 wherein said personal area network comprises two or more 
devices that transmit data by infrared light waves.". 

8. Claim 6 additionally recites the limitation that; "The method of claim 1 wherein said 
personal area network comprises two or more devices that transmit data by digital short-range 
radio waves.". The teachings of Lamming et al suggest such limitations (col. 5,lines 30-44, col. 
11, lines 25-col. 12,line 57); 

Further, as per claim 12 additionally reciting the limitation that; "The system [This claim 
is the system claim for the method claim 6 above, and is rejected for the same reasons provided 
for the claim 6 rejection] of claim 7 wherein said personal area network comprises two or more 
devices that transmit data by digital short-range radio waves.". 

9. As per claim 14; "A method for managing access to a service [Abstract, figure 1 and 
associated description, col. 1,line 16-col. 2,line 57] comprising the steps of (A) delegating, to a 
delegatee by a delegator, one or more permissions, wherein the one or more permissions 
comprise authority to access the service and to delegate one or more further permissions to one 
or more subsequent delegatees and wherein the one or more permissions are represented using a 
digital signature based on a private key [col. 2,lines 6-57, col. 3,lines 36-58, col. 4,lines 43-col. 
5,line 17, col. 5,lines 45-col. 6,line 11, col. 6,lines 41-51, col. 7,lines 51-62, col. 8,lines 23-col. 
9,line 29 (inclusive of "Mike and Richard" scenarios), col. 9,lines 66-col. 10,line 26, col. 
10,lines 49-65, col. 11,lines 6-24, figures 1,4,5 and associated descriptions]; (B) receiving from 
at least one of said permitted delegatees data representing credential information relating to said 
one or more permissions, wherein said data is included in a URL, over a second computer 
network [col. 7,lines 51-62, col. 8,lines 23-60 ("Mike and Richard" scenarios), figures 1,4,5 and 
associated descriptions]; and (C) providing access to the service to at least one of said permitted 
delegates over said second computer network [figures 1,4,5 and associated descriptions]."; 

Further, as per claim 17; "A system [This claim is the system claim for the method claim 
14 above, and is rejected for the same reasons provided for the claim 14 rejection] for managing 
access to a service comprising: a delegation device that delegates to a delegatee from a delegator 
one or more permissions, wherein the one or more permissions comprise authority to delegate 
one or more further permissions to one or more subsequent delegatees and wherein the one or 
more permissions are represented using a digital signature based on a private key; one or more 
first servers that receive from at least one of said permitted delegatees data representing 
credential information relating to said one or more permissions in a URL over a second computer 
network; and that provide access to the service to at least one of said permitted delegatees over 
said second computer network.". 



Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 4,10 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lamming et 
al, U.S. Patent 6,144,997 as applied to claims 1,7 respectively, above, and further in view of Win 
et al, U.S. Patent 6,161,139. 

Claim 4 additionally recites the limitation that; "The method of claim 1 wherein said 
credential transmission mechanism comprises including said data in a cookie within an http 
request"; 

Further, as per claim 10 additionally reciting the limitation that; "The system [This claim 
is the system claim for the method claim 4 above, and is rejected for the same reasons provided 
for the claim 4 rejection] of claim 7 wherein said credential transmission mechanism comprises 
including said data in a cookie within an http request.". 

Application/Control Number: 09/841,733
Art Unit: 2136

The teachings of Lamming et al suggest such limitations (Abstract, figures 1,4,5 and 
associated description, col. 1,line 16-col. 2,line 57, col. 10,lines 49-65, col. 11,lines 6-24, col. 
11,lines 31-col. 12,line 4, col. 12,lines 43-50, et seq.) without explicitly teaching of the use of 
"including [said] data in a cookie within an http request". 

Win et al teaches of using a cookie (i.e., ". . .returned by the Authentication Client 
Module) for authentication across the network as required for access to resources "protected by 
the system 2" (Abstract, figures 5a-5e and associated descriptions, col. 2,lines 52-col. 3,line 19, 
col. 6,lines 19-col. 7,line 61, col. 28,lines 16-col. 29,line 33). 

Thus, it would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been motivated to combine the Win et al cookie authentication method/system 
required for access to resources, to the Lamming et al method/system for managing access (via 
permissions for authority to access service and delegate further permissions) to a service utilizing 
a delegatee/delegator, over at least one ad hoc network in a personal area network. 

Such motivation to combine would clearly encompass the need to allow for qualitatively 
superior authentication scenario to improve security in a person to person (i.e., PAN) network 
whereas the authentication is via a transmission mechanism comprising data in a cookie within 
an http request, (i.e., the Internet, Win et al, col. 6,lines 19-col. 7,line 61). 



11. Claims 15,18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lamming et 
al, U.S. Patent 6,144,997, and further in view of Win et al, U.S. Patent 6,161,139. 

As per claim 15; "A method for managing access to a service comprising the steps of (A) 
delegating, to a delegatee by a delegator, one or more permissions, wherein the one or more 
permissions comprise authority to access the service and to delegate one or more further 
permissions to one or more subsequent delegatees and wherein the one or more permissions are 
represented using a digital signature; (B) receiving from at least one of said permitted delegates 
data representing credential information relating to said one or more permissions wherein said 
data is included in a cookie within an http request, over a second computer network; and (C) 
providing access to the service to at least one of said permitted delegates over said second 
computer network"; 

Further, as per claim 18; "A system [This claim is the system claim for the method claim 
15 above, and is rejected for the same reasons provided for the claim 15 rejection] for managing 
access to a service comprising: a delegation device that delegates to a delegatee from a delegator 
one or more permissions, wherein the one or more permissions comprise authority to delegate 
one or more further permissions to one or more subsequent delegatees and wherein the one or 
more permissions are represented using a digital signature; one or more first servers that receive 
from at least one of said permitted delegatees data representing credential information relating to 
said one or more permissions in a cookie within an http request over a second computer network; 
and that provide access to the service to at least one of said permitted delegates over said second 
computer network.". 

The teachings of Lamming et al suggest such limitations (Abstract, figures 1,4,5 and 
associated description, col. 1,line 16-col. 2,line 57, col. 10,lines 49-65, col. 11,lines 6-24, col. 
11,lines 31-col. 12,line 4, col. 12,lines 43-50, et seq.) without explicitly teaching of the use of 
"including [said] data in a cookie within an http request". 

Win et al teaches of using a cookie (i.e., ". . .returned by the Authentication Client 
Module) for authentication across the network as required for access to resources "protected by 
the system 2" (Abstract, figures 5a-5e and associated descriptions, col. 2,lines 52-col. 3,line 19, 
col. 6,lines 19-col. 7,line 61, col. 28,lines 16-col. 29,line 33). 

Thus, it would have been obvious to a person of ordinary skill in the art at the time of the 
invention to have been motivated to combine the Win et al cookie authentication method/system 
required for access to resources, to the Lamming et al method/system for managing access (via 
permissions for authority to access service and delegate further permissions) to a service utilizing 
a delegatee/delegator, over at least one ad hoc network in a personal area network. 

Such motivation to combine would clearly encompass the need to allow for qualitatively 
superior authentication scenario to improve security in a person to person (i.e., PAN) network 
whereas the authentication is via a transmission mechanism comprising data in a cookie within 
an http request, (i.e., the Internet, Win et al, col. 6,lines 19-col. 7,line 61). 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from examiner 
should be directed to Ronald Baum, whose telephone number is (703) 305-4276. The examiner 
can normally be reached Monday through Friday from 8:00 AM to 5:30 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The Fax numbers for the 
organization where this application is assigned are: 
After-final (703) 746-7238
Official (703) 746-7239
Non-Official/Draft (703) 746-7246

Ronald Baum
Patent Examiner